Store the runner auth token in a secrets vault
Problem to solve
Its critical for some customers with very strict enterprise security policies to mitigate potential security risks related to the storage of runner authentication tokens on the host compute platform. Some customers have already implemented security best practices by restricting access to the runner compute host environment and locking down permissions to view runner configuration details. While these measures are useful, there are still security risks as a result of the current runner authentication token storage mechanism.
Proposal
- Store the runner authentication token in a secrets vault instead of in the runner
config.toml
Related links
Edited by Darren Eastman